nisse@lysator.liu.se (Niels Möller) writes:

> Simon Josefsson simon@josefsson.org writes:
>
>> If it would help someone, there is code in libssh2 that I wrote which decodes unencrypted OpenSSL private keys (which apparently is what OpenSSH is using) and imports them into a libgcrypt sexp.
>
> Do openssl and openssh use the PKCS#1 format for private keys, as the DER encoding of ASN.1 objects? (Maybe that spec is for RSA keys only, but if so there ought to be some related spec for DSA).

Yup. It is just ASN.1 encoding of some integers in a sequence.

> I would have expected openssh to use something closer to the ssh wireformat, i.e., the wireformat ssh-rsa/ssh-dsa with some additional fields for the secret information, like I think the old proprietary ssh program did.
>
> For PKCS#1 format, the program pkcs1-conv (from nettle-1.14 and later) can also convert RSA keys in pkcs#1 formats to sexp format.

Then I would think that pkcs1-conv would handle this.

/Simon
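
An added example, not part of the original message and not code from libssh2, nettle or OpenSSH: a strict reader for the "integers in a sequence" layout described above, mapping the integers to the PKCS#1 RSAPrivateKey field names. The function names and the toy key are constructed for illustration; PEM/base64 unwrapping and sexp output are out of scope.

```python
# Added example: strict DER reader for a SEQUENCE of INTEGERs (PKCS#1 RSAPrivateKey layout).
FIELDS = ("version", "n", "e", "d", "p", "q", "exponent1", "exponent2", "coefficient")

def read_tlv(buf, pos, want_tag):
    """Return (value_bytes, next_pos) for one definite-length TLV starting at pos."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected tag or truncated header")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return buf[pos:pos + length], pos + length

def parse_integer_sequence(der):
    body, end = read_tlv(der, 0, 0x30)     # outer SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    ints, pos = [], 0
    while pos < len(body):
        val, pos = read_tlv(body, pos, 0x02)   # each member must be an INTEGER
        if not val or (len(val) > 1 and val[0] in (0, 0xFF) and (val[0] ^ val[1]) < 0x80):
            raise ValueError("empty or non-minimal INTEGER")
        ints.append(int.from_bytes(val, "big", signed=True))
    return ints

def parse_rsa_private_key(der):
    ints = parse_integer_sequence(der)
    if len(ints) != len(FIELDS) or ints[0] != 0:
        raise ValueError("not a two-prime PKCS#1 RSAPrivateKey")
    return dict(zip(FIELDS, ints))

def encode_tlv(tag, value):                # encoder used only to build sample input
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def encode_int(i):                         # non-negative integers only
    return encode_tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

# Constructed toy key (p=61, q=53); far too small for real use.
SAMPLE = encode_tlv(0x30, b"".join(map(encode_int, (0, 3233, 17, 2753, 61, 53, 53, 49, 38))))
```

Rejecting trailing bytes, indefinite lengths and non-minimal encodings keeps the reader to DER proper, so two different byte strings cannot decode to the same key.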